The version of Tomcat installed on the remote host is prior to 9.0.35. It is, therefore, affected by a remote code execution vulnerability as referenced in the fixed_in_apache_tomcat_9.0.35_security-9 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.